openEuler 24.03 LTS SP1 update for kernel



| Updated: 2025-04-08
Risk Low
Patch available YES
Number of vulnerabilities 71
CVE-ID CVE-2024-50191
CVE-2024-53050
CVE-2024-53128
CVE-2024-53150
CVE-2024-53155
CVE-2024-53157
CVE-2024-53158
CVE-2024-53159
CVE-2024-53160
CVE-2024-53171
CVE-2024-53180
CVE-2024-53187
CVE-2024-53190
CVE-2024-53191
CVE-2024-53194
CVE-2024-53196
CVE-2024-53203
CVE-2024-53213
CVE-2024-53215
CVE-2024-53218
CVE-2024-53219
CVE-2024-53224
CVE-2024-53229
CVE-2024-53231
CVE-2024-53234
CVE-2024-53239
CVE-2024-53241
CVE-2024-55639
CVE-2024-56543
CVE-2024-56546
CVE-2024-56549
CVE-2024-56562
CVE-2024-56570
CVE-2024-56572
CVE-2024-56582
CVE-2024-56583
CVE-2024-56585
CVE-2024-56586
CVE-2024-56592
CVE-2024-56594
CVE-2024-56595
CVE-2024-56596
CVE-2024-56597
CVE-2024-56605
CVE-2024-56609
CVE-2024-56613
CVE-2024-56619
CVE-2024-56622
CVE-2024-56626
CVE-2024-56631
CVE-2024-56633
CVE-2024-56638
CVE-2024-56649
CVE-2024-56654
CVE-2024-56660
CVE-2024-56662
CVE-2024-56663
CVE-2024-56667
CVE-2024-56672
CVE-2024-56679
CVE-2024-56691
CVE-2024-56720
CVE-2024-56726
CVE-2024-56739
CVE-2024-56742
CVE-2024-56745
CVE-2024-56747
CVE-2024-56755
CVE-2024-56756
CVE-2024-56759
CVE-2024-56763
CWE-ID CWE-667
CWE-476
CWE-125
CWE-908
CWE-191
CWE-119
CWE-366
CWE-416
CWE-665
CWE-415
CWE-388
CWE-835
CWE-399
CWE-1037
CWE-20
CWE-401
CWE-682
Exploitation vector Local
Public exploit Vulnerability #4 is being exploited in the wild.
Vulnerable software
 openEuler
Operating systems & Components / Operating system

python3-perf-debuginfo
Operating systems & Components / Operating system package or component

python3-perf
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

kernel-tools-devel
Operating systems & Components / Operating system package or component

kernel-tools-debuginfo
Operating systems & Components / Operating system package or component

kernel-tools
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-headers
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-debugsource
Operating systems & Components / Operating system package or component

kernel-debuginfo
Operating systems & Components / Operating system package or component

bpftool-debuginfo
Operating systems & Components / Operating system package or component

bpftool
Operating systems & Components / Operating system package or component

kernel
Operating systems & Components / Operating system package or component

Vendor openEuler

Security Bulletin

This security bulletin contains information about 71 vulnerabilities.

1) Improper locking

EUVDB-ID: #VU100127

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50191

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_handle_error() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU100709

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53050

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the intel_dp_hdcp2_get_capability() function in drivers/gpu/drm/i915/display/intel_dp_hdcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper locking

EUVDB-ID: #VU101227

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53128

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the include/linux/sched/task_stack.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU101910

Risk: High

CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2024-53150

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the DESC_LENGTH_CHECK(), validate_clock_source() and validate_clock_selector() functions in sound/usb/clock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

5) Use of uninitialized resource

EUVDB-ID: #VU101917

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53155

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ocfs2_file_write_iter() and ocfs2_file_read_iter() functions in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU101914

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53157

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the scpi_dvfs_get_info() function in drivers/firmware/arm_scpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Integer underflow

EUVDB-ID: #VU101924

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53158

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the geni_se_clk_tbl_get() function in drivers/soc/qcom/qcom-geni-se.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU101925

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53159

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the store_target_temp(), store_temp_tolerance() and store_weight_temp() functions in drivers/hwmon/nct6775-core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Race condition within a thread

EUVDB-ID: #VU101926

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53160

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to a data race within the krc_count(), schedule_delayed_monitor_work() and kvfree_call_rcu() functions in kernel/rcu/tree.c. A local user can corrupt data.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU102059

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53171

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the get_znodes_to_commit() function in fs/ubifs/tnc_commit.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper Initialization

EUVDB-ID: #VU102222

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53180

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the snd_pcm_mmap_data_fault() function in sound/core/pcm_native.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU102214

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53187

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the io_pin_pages() function in io_uring/memmap.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper locking

EUVDB-ID: #VU102173

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53190

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the efuse_write_1byte() and read_efuse_byte() functions in drivers/net/wireless/realtek/rtlwifi/efuse.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Double free

EUVDB-ID: #VU102194

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53191

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ath12k_dp_free() function in drivers/net/wireless/ath/ath12k/dp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU102049

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53194

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pci_slot_release(), pci_bus_get() and make_slot_name() functions in drivers/pci/slot.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper error handling

EUVDB-ID: #VU102209

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53196

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the kvm_mmio_read_buf() and kvm_handle_mmio_return() functions in arch/arm64/kvm/mmio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Integer underflow

EUVDB-ID: #VU102211

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53203

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the ucsi_ccg_sync_control() function in drivers/usb/typec/ucsi/ucsi_ccg.c. A local user can execute arbitrary code.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Double free

EUVDB-ID: #VU102195

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53213

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the lan78xx_probe() function in drivers/net/usb/lan78xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper error handling

EUVDB-ID: #VU102208

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53215

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the svc_rdma_proc_init() function in net/sunrpc/xprtrdma/svc_rdma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU102066

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53218

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the f2fs_do_shutdown() function in fs/f2fs/file.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU102132

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53219

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the virtio_fs_get_tree() function in fs/fuse/virtio_fs.c, within the fuse_read_args_fill(), fuse_release_user_pages(), fuse_aio_complete_req(), fuse_get_frag_size(), fuse_get_user_pages() and fuse_direct_io() functions in fs/fuse/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) NULL pointer dereference

EUVDB-ID: #VU102141

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53224

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_ib_dev_res_init(), mlx5_ib_stage_delay_drop_cleanup(), mlx5_ib_stage_dev_notifier_init() and STAGE_CREATE() functions in drivers/infiniband/hw/mlx5/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Infinite loop

EUVDB-ID: #VU102217

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53229

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the rxe_requester() function in drivers/infiniband/sw/rxe/rxe_req.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) NULL pointer dereference

EUVDB-ID: #VU102144

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53231

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cppc_get_cpu_power() function in drivers/cpufreq/cppc_cpufreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Resource management error

EUVDB-ID: #VU102251

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53234

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the z_erofs_load_compact_lcluster() and z_erofs_get_extent_decompressedlen() functions in fs/erofs/zmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU102070

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53239

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the usb6fire_chip_abort(), usb6fire_chip_destroy(), usb6fire_chip_probe() and usb6fire_chip_disconnect() functions in sound/usb/6fire/chip.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU101817

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53241

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

Description

The vulnerability allows a malicious guest to gain access to sensitive information.

The vulnerability exists due to implemented mitigations for hardware vulnerabilities related to Xen hypercall page implementation the guest OS is relying on to work might not be fully functional, resulting in e.g. guest user processes being able to read data they ought not have access to.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Input validation error

EUVDB-ID: #VU102991

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-55639

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rswitch_device_alloc(), of_node_put() and rswitch_device_free() functions in drivers/net/ethernet/renesas/rswitch.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Resource management error

EUVDB-ID: #VU102252

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56543

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ath12k_mac_peer_cleanup_all() function in drivers/net/wireless/ath/ath12k/mac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use-after-free

EUVDB-ID: #VU102074

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56546

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xlnx_add_cb_for_suspend() function in drivers/soc/xilinx/xlnx_event_manager.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU102151

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56549

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cachefiles_ondemand_fd_write_iter() and cachefiles_ondemand_fd_llseek() functions in fs/cachefiles/ondemand.c, within the cachefiles_commit_object() and cachefiles_clean_up_object() functions in fs/cachefiles/interface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Input validation error

EUVDB-ID: #VU102279

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56562

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the i3c_master_put_i3c_addrs() function in drivers/i3c/master.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Input validation error

EUVDB-ID: #VU102280

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56570

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ovl_dentry_init_flags() function in fs/overlayfs/util.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Memory leak

EUVDB-ID: #VU101996

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56572

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the allocate_buffers_internal() function in drivers/media/platform/allegro-dvt/allegro-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU102045

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56582

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_encoded_read_endio() function in fs/btrfs/inode.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Resource management error

EUVDB-ID: #VU102243

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56583

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the enqueue_dl_entity() function in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper locking

EUVDB-ID: #VU102169

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56585

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the setup_tlb_handler() function in arch/loongarch/mm/tlb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper error handling

EUVDB-ID: #VU102204

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56586

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the f2fs_write_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper locking

EUVDB-ID: #VU102167

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56592

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the htab_elem_free(), free_htab_elem(), alloc_htab_elem(), htab_map_update_elem(), htab_map_delete_elem() and prealloc_lru_pop() functions in kernel/bpf/hashtab.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper locking

EUVDB-ID: #VU102160

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56594

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the amdgpu_ttm_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Out-of-bounds read

EUVDB-ID: #VU102088

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56595

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Out-of-bounds read

EUVDB-ID: #VU102087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56596

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the jfs_readdir() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Out-of-bounds read

EUVDB-ID: #VU102086

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56597

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAllocCtl() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Use-after-free

EUVDB-ID: #VU102020

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56605

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper locking

EUVDB-ID: #VU102165

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56609

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rtw_usb_tx_handler() and rtw_usb_deinit_tx() functions in drivers/net/wireless/realtek/rtw88/usb.c, within the rtw_sdio_deinit_tx() function in drivers/net/wireless/realtek/rtw88/sdio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Memory leak

EUVDB-ID: #VU101995

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56613

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Use-after-free

EUVDB-ID: #VU102022

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56619

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_put_page() function in fs/nilfs2/dir.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Input validation error

EUVDB-ID: #VU102283

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56622

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the read_req_latency_avg_show() and write_req_latency_avg_show() functions in drivers/ufs/core/ufs-sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Out-of-bounds read

EUVDB-ID: #VU102081

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56626

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the smb2_write() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Use-after-free

EUVDB-ID: #VU102024

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56631

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sg_release() function in drivers/scsi/sg.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Use-after-free

EUVDB-ID: #VU102025

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56633

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sock_put() function in net/ipv4/tcp_bpf.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Input validation error

EUVDB-ID: #VU102185

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56638

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nft_inner_parse() and nft_inner_parse_needed() functions in net/netfilter/nft_inner.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) NULL pointer dereference

EUVDB-ID: #VU102117

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56649

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/net/ethernet/freescale/enetc/enetc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Incorrect calculation

EUVDB-ID: #VU102257

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56654

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the hci_le_create_big_complete_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) NULL pointer dereference

EUVDB-ID: #VU102118

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56660

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dr_domain_add_vport_cap() function in drivers/net/ethernet/mellanox/mlx5/core/steering/sws/dr_domain.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Out-of-bounds read

EUVDB-ID: #VU102077

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56662

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the acpi_nfit_ctl() function in drivers/acpi/nfit/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Input validation error

EUVDB-ID: #VU102187

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56663

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the NLA_POLICY_NESTED_ARRAY() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) NULL pointer dereference

EUVDB-ID: #VU102121

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56667

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the capture_engine() function in drivers/gpu/drm/i915/i915_gpu_error.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Use-after-free

EUVDB-ID: #VU102035

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56672

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the blkcg_unpin_online() function in block/blk-cgroup.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Input validation error

EUVDB-ID: #VU102277

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56679

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the otx2_get_max_mtu() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Resource management error

EUVDB-ID: #VU102226

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56691

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the wcove_typec_probe() function in drivers/usb/typec/tcpm/wcove.c, within the ARRAY_SIZE(), bxtwc_add_chained_irq_chip() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Input validation error

EUVDB-ID: #VU102266

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56720

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sk_msg_shift_left() and BPF_CALL_4() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Input validation error

EUVDB-ID: #VU102270

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56726

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cn10k_alloc_leaf_profile() function in drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Improper locking

EUVDB-ID: #VU102154

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56739

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rtc_timer_do_work() function in drivers/rtc/interface.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Memory leak

EUVDB-ID: #VU101983

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56742

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mlx5vf_add_migration_pages() function in drivers/vfio/pci/mlx5/cmd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Memory leak

EUVDB-ID: #VU101982

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56745

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the reset_method_store() function in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Memory leak

EUVDB-ID: #VU101980

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56747

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qedi_alloc_and_init_sb() function in drivers/scsi/qedi/qedi_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Input validation error

EUVDB-ID: #VU102265

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56755

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the fs/netfs/fscache_volume.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Use-after-free

EUVDB-ID: #VU102008

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56756

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nvme_free_host_mem(), __nvme_alloc_host_mem() and kfree() functions in drivers/nvme/host/pci.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Use-after-free

EUVDB-ID: #VU102393

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56759

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_force_cow_block() and btrfs_cow_block() functions in fs/btrfs/ctree.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Resource management error

EUVDB-ID: #VU102404

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56763

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tracing_cpumask_write() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 24.03 LTS SP1

python3-perf-debuginfo: before 6.6.0-75.0.0.79

python3-perf: before 6.6.0-75.0.0.79

perf-debuginfo: before 6.6.0-75.0.0.79

perf: before 6.6.0-75.0.0.79

kernel-tools-devel: before 6.6.0-75.0.0.79

kernel-tools-debuginfo: before 6.6.0-75.0.0.79

kernel-tools: before 6.6.0-75.0.0.79

kernel-source: before 6.6.0-75.0.0.79

kernel-headers: before 6.6.0-75.0.0.79

kernel-devel: before 6.6.0-75.0.0.79

kernel-debugsource: before 6.6.0-75.0.0.79

kernel-debuginfo: before 6.6.0-75.0.0.79

bpftool-debuginfo: before 6.6.0-75.0.0.79

bpftool: before 6.6.0-75.0.0.79

kernel: before 6.6.0-75.0.0.79

CPE2.3 External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1079


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###